A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.04 LTS

Ubuntu 19.10

Ubuntu 18.04 LTS

Ubuntu 16.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description

firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
address bar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410,
CVE-2020-12411)

It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)

Update instructions

The problem can be corrected by updating your system to the following package versions:

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM

Summary

Several security issues were fixed in Django.

Software Description

python-django - High-level Python web development framework

Details

USN-4381-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Dan Palmer discovered that Django incorrectly validated memcached cache
keys. A remote attacker could possibly use this issue to cause a denial of
service and obtain sensitive information. (CVE-2020-13254)

Jon Dufresne discovered that Django incorrectly encoded query parameters
for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use
this issue to perform XSS attacks. (CVE-2020-13596)

Update instructions

The problem can be corrected by updating your system to the following package versions:

References

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in FreeRDP.

Software Description

freerdp - RDP client for Windows Terminal Services

Details

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.04 LTS

Ubuntu 19.10

Ubuntu 18.04 LTS

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Django.

Software Description

python-django - High-level Python web development framework

Details

Dan Palmer discovered that Django incorrectly validated memcached cache
keys. A remote attacker could possibly use this issue to cause a denial of
service and obtain sensitive information. (CVE-2020-13254)

Jon Dufresne discovered that Django incorrectly encoded query parameters
for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use
this issue to perform XSS attacks. (CVE-2020-13596)

Update instructions

The problem can be corrected by updating your system to the following package versions:

References

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10

Summary

Apache Ant could leak sensitive information or be made to run programs
as your login.

Software Description

ant - Java based build tool like make

Details

It was discovered that Apache Ant created temporary files with insecure
permissions. An attacker could use this vulnerability to read sensitive
information leaked into /tmp, or potentially inject malicious code into a
project that is built with Apache Ant.

Update instructions

The problem can be corrected by updating your system to the following package versions:

References

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.04 LTS

Ubuntu 19.10

Ubuntu 18.04 LTS

Summary

Several security issues were fixed in FreeRDP.

Software Description

freerdp2 - RDP client for Windows Terminal Services

Details

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package versions: